Example traffic

Wireshark

The DNS dissector is fully functional.

Preference Settings

The DNS dissector has one preference: "Reassemble DNS messages spanning multiple TCP segments". As you might have guessed, this takes a DNS request or reply that has been split across multiple TCP segments and reassembles it back into one message. TCP reassembly has to be enabled for this feature to work.
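The reassembly this preference describes, as an added example (not Wireshark's own code). It assumes the payloads of one direction of a TCP stream are already in sequence order, and relies on the two-byte length prefix that RFC 1035 section 4.2.2 puts in front of each DNS message on TCP. The function names and the sample queries are constructed for illustration.

```python
import struct

def build_query(txid, name):
    """Build a minimal DNS A query (constructed sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def frame(msg):
    """Prefix a DNS message with the two-byte length used on TCP."""
    return struct.pack("!H", len(msg)) + msg

def reassemble(segments):
    """Return (complete DNS messages, leftover bytes) from in-order TCP payloads."""
    buf = bytearray()
    messages = []
    for payload in segments:
        buf += payload
        while len(buf) >= 2:
            (length,) = struct.unpack_from("!H", buf, 0)
            if len(buf) < 2 + length:
                break  # message continues in a later segment
            messages.append(bytes(buf[2:2 + length]))
            del buf[:2 + length]
    return messages, bytes(buf)

def summarize(msg):
    """Return (transaction ID, is_response, question count) from the DNS header."""
    txid, flags, qdcount = struct.unpack_from("!HHH", msg, 0)
    return txid, bool(flags & 0x8000), qdcount

def demo():
    # Two constructed queries sent back to back on one connection.
    stream = frame(build_query(0x1A2B, "example.com")) + frame(build_query(0x3C4D, "example.org"))
    # Constructed split: the first cut falls inside the length prefix itself,
    # and the third segment holds the end of message 1 plus the start of message 2.
    segments = [stream[:1], stream[1:20], stream[20:40], stream[40:]]
    return reassemble(segments)

if __name__ == "__main__":
    msgs, rest = demo()
    for m in msgs:
        print("id=0x%04x response=%s questions=%d" % summarize(m))
    print("leftover bytes:", len(rest))
```

Leftover bytes after the last segment mean the capture ended mid-message, which is the case where a dissector without reassembly shows a truncated or malformed DNS packet.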

Example capture file

Display Filter

Capture Filter

You cannot directly filter DNS protocols while capturing if they are going to or from arbitrary ports. However, DNS traffic normally goes to or from port 53, and traffic to and from that port is normally DNS traffic, so you can filter on that port number.

Capture only traffic to and from port 53:

port 53

On many systems, you can say "port domain" rather than "port 53".

DNS servers that allow recursive queries from external networks can be used to perform distributed denial of service (DDoS) attacks. You can look for external recursive queries with a filter such as